From: Eric Hughes <hughes@soda.berkeley.edu>
To: cypherpunks@toad.com
Message Hash: 1a933dc05608160c673c7df8407bf6dc4c47e0ceec7b5eaf93d294f343fb579b
Message ID: <9301221546.AA24473@soda.berkeley.edu>
Reply To: N/A
UTC Datetime: 1993-01-22 15:48:48 UTC
Raw Date: Fri, 22 Jan 93 07:48:48 PST
From: Eric Hughes <hughes@soda.berkeley.edu>
Date: Fri, 22 Jan 93 07:48:48 PST
To: cypherpunks@toad.com
Subject: crypto, NSA, gnu, and cypherpunks in Boardwatch magazine
Message-ID: <9301221546.AA24473@soda.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain
Jack Rickard was kind enough to send me the following. A new member
of the list told me he had found out about the list from this article.
Eric
-----------------------------------------------------------------------------
From: jack.rickard@boardwatch.com
Date: Wed Jan 20 09:57:55 1993
Subject: CYPHERPUNKS COVERAGE
The following article appeared in the February, 1993 issue of Boardwatch
Magazine, a monthly publication covering electronic bulletin boards,
online information services, and networking issues.
Boardwatch Magazine is published monthly at an annual subscription rate
of $36. Boardwatch Magazine, 7586 West Jewell Ave., Suite 200, Lakewood
CO 80232; (303)973-6038 voice; (303)986-8754 fax; (303)973-4222 data.
Internet: jack.rickard@boardwatch.com.
FRONTAL ATTACK ON THE PUZZLE PALACE
by Lance Rose
A privately funded attack is underway against a little-known government agency
that has devoted itself to the control of privacy in this country (who gets to
have privacy, who doesn't, and how much privacy can anyone have?). If
successful, it may begin to unravel decades of surreptitious information
control so effective most of us have not been aware of its operation.
The agency in question is the National Security Agency, or NSA. It was
established in 1952 by President Harry Truman to monitor signal transmissions
that might affect the security of the United States. Since that time, the NSA
has steadily cast a pall over public use and knowledge of cryptography, and
generally regulated the limits of privacy in this country. It has done so with
40,000 or more active employees, and funding not readily discernible from
inspecting Congressional budget lines.
Those not already familiar with the NSA might be surprised at the depth and
extent of its influence. For instance, rumor has it that NSA monitors much of
the digital telephone activity in this country, even though it is authorized
only to monitor foreign transmissions.
NSA is also in charge of regulating the export of cryptographic devices to
other countries, which are officially deemed such a great security risk they
are dealt with as "munitions" under the U.S. export control laws. Any device
or software intended for export and using encryption techniques (which are
usually included to aid in the privacy or security of personal or business
communications, such as in cellular phones) must be reviewed by the State
Dept., which generally passes on the review to the NSA. These review processes
are so slow and nitpicking that they choke off almost all international trade
in effective encryption devices from the U.S. The ultimate effect of this
process, as pointed out by John Barlow of the EFF, is to inhibit development of
strong encryption devices even within the U.S., since manufacturers are often
reluctant to make two different versions of their goods, one for domestic use
and one for export. Well-known, powerful encryption techniques subject to
close NSA export control include devices based on the DES algorithm, and public
key devices based on the RSA algorithm.
In addition, NSA is actively involved, along with such cohorts as the FBI and
the Justice Department, in ongoing legislative efforts to keep effective new
cryptography and privacy techniques out of the public's hands. Last year,
proposed Senate Bill 266 would have made it illegal to use a cryptographic
technique unless the government had been provided a "back door" enabling it to
easily extract the plain text from any message encrypted through that
technique. Apparently, brute force cipher-cracking by the NSA was wasting a
little too much of the taxpayers' dollars (albeit through untraceable budget
lines) so we would all get a break if the government's obligatory snooping and
code-cracking activities cost a lot less. Luckily, this bill was kept from
enactment, in large part through the efforts of the Electronic Frontier
Foundation.
NSA and FBI came back this year with a new variation - a bill that would
require all phone companies to set up special wiretap stations for official
eavesdropping, so agents would not have to waste taxpayer dollars figuring out
how to tap those nasty optical fiber lines without being detected. It's ironic
that in the face of a federal statute (the Electronic Communications Privacy
Act) with strong legal obstacles to discourage officials who seek to monitor
private telephone activities, those same officials want to install facilities
giving them the practical ability to wiretap as easily as you or I might open
the faucet for a glass of water. Another NSA tactic has been massive
removal of texts on cryptography from public access through classifying them as
secret government documents. Again, slowing down the transmission of knowledge
on cryptography in this manner has placed a drag on development of publicly
useful encryption methods. The advent of the Freedom of Information Act (FOIA)
threatened this regime, with its provisions for requesting declassification of
government documents.
However the NSA, like many other federal agencies, discovered a fairly
effective antidote to FOIA requests: ignore the requests, and when it could
ignore them no longer, make the requesting party drag the NSA bodily into court
over and over in escalating legal procedures to compel production of the
requested documents. This process was such a burden on the requesting parties
that it weeded out all but the most dedicated and well-financed attempts to
fetch documents on cryptography out of the black hole of NSA classification.
Such conduct was also literally illegal, since it involved failure to meet
statutory time limits to respond to FOIA document requests. The NSA appeared
to be deliberately not meeting the time limits, and basically thumbing its nose
at those who sought the documents under its control.
One of those who encountered the NSA's monumental heel- dragging in releasing
cryptography-related documents was John Gilmore. Gilmore runs a software house
named Cygnus Support, was one of the founders of the Electronic Frontier
Foundation, and is a vocal and impassioned supporter of individual privacy
rights against the modern encroachments of the state. Gilmore and his
attorney, Lee Tien, decided to challenge certain NSA practices head-on,
specifically the practices of overclassifying documents in the area of
cryptography, and the NSA's unwillingness to release cryptographic materials
into the public domain regardless of whether the materials actually have
strategic military value justifying their classification.
In July, 1992, Gilmore requested, under the FOIA, copies of the books "Military
Cryptanalysis" by Friedman, volumes 3-4 (earlier volumes were already
declassified) and "Military Cryptanalytics" by Friedman and Callimahos, volume
3 onward (the exact number of volumes is not publicly known). The Friedman
books dated from the 1930's, the ones with Callimahos from the 1950's - not
likely state of the art stuff. To add a little irony, Friedman had been one of
the founders of the NSA.
To no one's surprise, the NSA did not respond to Gilmore's FOIA request for the
books. Gilmore appealed the decision administratively, but again was unable to
obtain the materials, forcing him to the next step of filing a suit against NSA
in federal court in the Northern District of California. Here is an example of
an administrative setup ripe for abuse, being played for all it's worth by the
NSA. In an ordinary court action, a party who does not respond within a time
limit set by statute can lose the case by default. Here, however, the NSA did
not lose anything by not responding to the FOIA requests in the administrative
agency setting. In fact it actually gained an advantage, forcing Gilmore to
put more energy and resources first into a pointless administrative appeal, and
then finally starting a federal court action from scratch.
Some time after beginning the FOIA procedure, Gilmore tracked down the Friedman
volumes from the '30's at a couple of public repositories in California.
Amazingly, when the NSA found out he had the books, they told him the books
were still classified or should be classified, and threatened him with a
criminal action if he dared to show the books to anyone else. This received
some press attention in the S.F. Examiner and elsewhere, to the NSA's great
displeasure. Not only was the NSA getting publicity, which it shuns, but it
looked like NSA was trying to bury ancient materials already fully accessible
to the public, and threatening to jail someone who dared assert the public had
a right to such materials.
The attention had a salutary effect on the NSA's actions, however. They
recently declassified the old Friedman volumes, making it perfectly legal for
Gilmore to distribute them. Score one for the libertarians. They have started
the NSA backpedalling.
As we go to press, Gilmore's case against the NSA is still proceeding for
purpose of obtaining the remaining Military Cryptanalytics volume(s), as well
as a "pattern and practice" claim against the NSA. This last legal claim is
particularly important. As described above, the NSA drags its heels on FOIA
requests, outlasting all but the most resolute opponents. But any time a hardy
soul manages to push his case close to a court decision, the NSA can turn
around at the last moment and say, "here are the materials you requested." The
case would then officially become moot because the request was finally honored,
and no court decision stating that the NSA engages in obstructive and delaying
practices would ever issue. This sorry result can be avoided by the claim that
NSA engages in a "pattern and practice" of obstructing and delaying FOIA
requests for cryptographic materials. It will survive any such "mooting" move
by the NSA, and if Gilmore perseveres, may result in a judicial decision laying
some of the NSA's practices bare on the public record.
If Gilmore and his attorney Lee Tien succeed, they could end up chipping off a
big piece of the NSA wall of darkness. From the look of things, they may still
have some arduous going ahead. No matter the decision on the trial court level, the NSA will have many court appeals left, and doubtless ot getting to
UUCICO:USERLOG:d:\tbbs\userlog.inx
Those interested in cryptography issues may find a new Internet mailing list of
interest. A group is physically meeting in John Gilmore's Silicon Valley
facilities and has started a mailing list under moderation of Timothy C. May
(tcmay@netcom.com). The group includes John Draper (Cap'n Crunch), Tom
Jennings, and others interested in cryptography, anonymous mail forwarding
techniques, encryption, the Pretty Good Privacy program, and other privacy
issues. You can join this mailing list from any service allowing Internet
e-mail by sending a message to CYPHERPUNKS-REQUEST@TOAD.COM.
[<BI>Lance Rose is an attorney practicing high-tech, computer and intellectual
property law in the New York City area, and is available on the Internet at
elrose@well.sf.ca.us and on CompuServe at 72230,2044. He works with shareware
publishers, software authors, system operators, technology buyers, interactive
media developers, on-line database services and others in the high technology
area. He is also author of the book SYSLAW, a legal guide for bulletin board
system operators, available from PC Information Group (800)321-8285. - Editor<D>]
Return to January 1993
Return to “tcmay@netcom.com (Timothy C. May)”